Carbon Security Vulnerabilities and Issues — Carbon CVE List

Lucene search

Wso2Carbon

3 matches found

CVE•added 2017/02/17 2:59 a.m.•52 views

CVE-2016-4316

Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5)...

6.1CVSS6AI score0.03159EPSS

CVE•added 2017/02/17 2:59 a.m.•46 views

CVE-2016-4314

Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.

4.9CVSS4.7AI score0.23258EPSS

CVE•added 2017/02/17 2:59 a.m.•43 views

CVE-2016-4315

Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp.

5.7CVSS5.7AI score0.02743EPSS